General
-
Target
2025-06-03_083740c55d0a459674457b8551ed9c6a_akira_black-basta_cobalt-strike_satacom
-
Size
1.0MB
-
Sample
250604-1pgwsawpv7
-
MD5
083740c55d0a459674457b8551ed9c6a
-
SHA1
2eb57b82e81e015f565179d4ef88ee8e1bb2b91e
-
SHA256
02b49fd8781580e1f25034c9ca89d7989729f6ca898579f434cc6122247b7c06
-
SHA512
c95bdb73965503723b1a2222d0a486666a44ebb714b5b581a8b8c7aea05c7633a983198f983708bf041eed5fc77bd6ff7ca0a77db861b56585240c32af2735a2
-
SSDEEP
24576:zQagXrs6xiS7Ay/i4NBqThb23KAwcCcoVMqs:zQa36bg4NBqT1VAwfcoVe
Static task
static1
Behavioral task
behavioral1
Sample
2025-06-03_083740c55d0a459674457b8551ed9c6a_akira_black-basta_cobalt-strike_satacom.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
2025-06-03_083740c55d0a459674457b8551ed9c6a_akira_black-basta_cobalt-strike_satacom.exe
Resource
win11-20250502-en
Malware Config
Extracted
C:\Users\akira_readme.txt
akira
https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion/d/7816899251-AZOSS
Targets
-
-
Target
2025-06-03_083740c55d0a459674457b8551ed9c6a_akira_black-basta_cobalt-strike_satacom
-
Size
1.0MB
-
MD5
083740c55d0a459674457b8551ed9c6a
-
SHA1
2eb57b82e81e015f565179d4ef88ee8e1bb2b91e
-
SHA256
02b49fd8781580e1f25034c9ca89d7989729f6ca898579f434cc6122247b7c06
-
SHA512
c95bdb73965503723b1a2222d0a486666a44ebb714b5b581a8b8c7aea05c7633a983198f983708bf041eed5fc77bd6ff7ca0a77db861b56585240c32af2735a2
-
SSDEEP
24576:zQagXrs6xiS7Ay/i4NBqThb23KAwcCcoVMqs:zQa36bg4NBqT1VAwfcoVe
-
Akira
Akira is a ransomware family first seen in March 2023. It targets several industries, including education, finance, real estate, manufacturing, and consulting.
-
Akira family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Renames multiple (9691) files, appending a filename extension
This is consistent with ransomware activity: the sample encrypts files across the system and renames each one as it goes.
-
Command and Scripting Interpreter: PowerShell
Runs a PowerShell command to delete Volume Shadow Copies, removing a common local recovery path before encryption.
-
Drops startup file
-
Drops desktop.ini file(s)
-
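Detection logic for two of the signatures listed above, the PowerShell shadow-copy deletion and the mass rename with an appended extension, as an added example in Python; it is not part of the sandbox report or of the sample. The telemetry records it runs over are constructed: the report gives neither the exact PowerShell command line nor the appended extension, so the Win32_Shadowcopy command and the ".akira" suffix in the sample data are illustrative assumptions, as are the function names and the rename threshold.

```python
"""Detection logic for shadow-copy deletion (T1490) and mass renames with an
appended extension. Added example, not from the sandbox report or the sample;
all telemetry below is constructed for illustration."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Command-line idioms for shadow-copy / backup-catalog deletion commonly seen
# in ransomware telemetry (vssadmin, wmic, WMI/CIM via PowerShell, wbadmin).
SHADOW_COPY_PATTERNS = [
    re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy[^\n]*\b(?:remove-wmiobject|remove-ciminstance)\b", re.I),
    re.compile(r"wbadmin(?:\.exe)?\s+delete\s+catalog", re.I),
]


def is_shadow_copy_deletion(cmdline: str) -> bool:
    """True when a process command line matches a known shadow-copy deletion idiom."""
    return any(p.search(cmdline) for p in SHADOW_COPY_PATTERNS)


def appended_extension(src: str, dst: str) -> Optional[str]:
    """Return the extension appended by a rename of the form src -> src + '.ext'.

    Returns None for ordinary renames (different stem) or moves into a subfolder.
    """
    if not dst.lower().startswith(src.lower() + "."):
        return None
    suffix = dst[len(src) + 1:]
    if not suffix or "\\" in suffix:
        return None
    return suffix.lower()


def mass_rename_processes(events: List[Dict], threshold: int = 100) -> Dict[int, Tuple[int, List[str]]]:
    """Map pid -> (rename count, sorted appended extensions) for processes at or above threshold."""
    counts: Dict[int, int] = defaultdict(int)
    exts: Dict[int, set] = defaultdict(set)
    for ev in events:
        if ev.get("op") != "rename":
            continue
        ext = appended_extension(ev["src"], ev["dst"])
        if ext is None:
            continue
        counts[ev["pid"]] += 1
        exts[ev["pid"]].add(ext)
    return {pid: (n, sorted(exts[pid])) for pid, n in counts.items() if n >= threshold}


def build_sample_events() -> List[Dict]:
    """Constructed telemetry (hypothetical, not real sandbox output): one process
    record with a WMI-style shadow-copy deletion, one encryptor-like process
    renaming 150 files with an illustrative '.akira' suffix, and benign renames."""
    events: List[Dict] = [
        {"op": "process", "pid": 4242, "image": r"C:\Users\victim\sample.exe",
         "cmdline": 'powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"'},
    ]
    for i in range(150):
        src = rf"C:\Users\victim\Documents\report{i}.docx"
        events.append({"op": "rename", "pid": 4242, "image": r"C:\Users\victim\sample.exe",
                       "src": src, "dst": src + ".akira"})
    # Benign: a plain rename (new stem) and a single editor backup with an appended extension.
    events.append({"op": "rename", "pid": 1337, "image": r"C:\Windows\explorer.exe",
                   "src": r"C:\Users\victim\Desktop\old.txt", "dst": r"C:\Users\victim\Desktop\new.txt"})
    events.append({"op": "rename", "pid": 9001, "image": r"C:\Program Files\Editor\editor.exe",
                   "src": r"C:\Users\victim\Desktop\notes.md", "dst": r"C:\Users\victim\Desktop\notes.md.bak"})
    return events


def analyze(events: List[Dict], threshold: int = 100) -> List[Tuple[str, int, str]]:
    """Run both detections and return (signature, pid, detail) tuples."""
    alerts: List[Tuple[str, int, str]] = []
    for ev in events:
        if ev.get("op") == "process" and is_shadow_copy_deletion(ev.get("cmdline", "")):
            alerts.append(("T1490 shadow copy deletion", ev["pid"], ev["cmdline"]))
    for pid, (n, exts) in mass_rename_processes(events, threshold).items():
        alerts.append(("mass rename with appended extension", pid, f"{n} files, ext={exts}"))
    return alerts


if __name__ == "__main__":
    for sig, pid, detail in analyze(build_sample_events()):
        print(f"[{sig}] pid={pid} {detail}")
```

The rename check deliberately requires the destination to be the source path plus one appended suffix, which is what the "added filename extension" signature describes; a single editor backup (notes.md to notes.md.bak) still matches the shape but stays below the per-process threshold, so the count, not the suffix alone, is what raises the alert.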